Move create_temp_file() out of #ifdef ENABLE_CRYPTO

By using get_random() instead of prng_bytes(), we no longer have to place
create_temp_file() inside #ifdef ENABLE_CRYPTO.

The resulting filename now has 62 bits of entropy (2 * [0-INT_MAX])
instead of the previous 128 bits, but that should be plenty.  Assuming an
int is 32 bits, we would need about 2**31 (2147483648) files to have a
(roughly) 0.5 chance of failing in one of the 6 attempts we do.

(This is preparing to move the function out of misc.c, where I'd prefer to
not have to add a #include "crypto.h".)

Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: David Sommerseth <davids@openvpn.net>
Message-Id: <20170725210234.5673-1-steffan@karger.me>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15146.html
Signed-off-by: David Sommerseth <davids@openvpn.net>
Steffan Karger 2017-07-25 23:02:34 +02:00 committed by David Sommerseth
parent 956bb1c32f
commit cd5a74d0d7
No known key found for this signature in database
GPG key ID: 86CF944C9671FDF2


@ -808,8 +808,6 @@ test_file(const char *filename)
return ret;
}
#ifdef ENABLE_CRYPTO
/* create a temporary filename in directory */
const char *
create_temp_file(const char *directory, const char *prefix, struct gc_arena *gc)
@ -822,15 +820,11 @@ create_temp_file(const char *directory, const char *prefix, struct gc_arena *gc)
do
{
uint8_t rndbytes[16];
const char *rndstr;
++attempts;
++counter;
prng_bytes(rndbytes, sizeof rndbytes);
rndstr = format_hex_ex(rndbytes, sizeof rndbytes, 40, 0, NULL, gc);
buf_printf(&fname, PACKAGE "_%s_%s.tmp", prefix, rndstr);
buf_printf(&fname, PACKAGE "_%s_%08lx%08lx.tmp", prefix,
(unsigned long) get_random(), (unsigned long) get_random());
retfname = gen_path(directory, BSTR(&fname), gc);
if (!retfname)
@ -861,6 +855,8 @@ create_temp_file(const char *directory, const char *prefix, struct gc_arena *gc)
return NULL;
}
#ifdef ENABLE_CRYPTO
/*
* Prepend a random string to hostname to prevent DNS caching.
* For example, foo.bar.gov would be modified to <random-chars>.foo.bar.gov.
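Review bot: In the second hunk (the `do` loop of `create_temp_file()`), the temp-file name is now built from two `get_random()` values, and nothing visible here says which generator backs `get_random()` when ENABLE_CRYPTO is off. If that build falls back to a non-cryptographic PRNG (not shown on this page), the name has to be treated as guessable by another local user, so the 62-bit figure in the commit message is an upper bound rather than a guarantee. That is acceptable only if the file is then created exclusively and the loop retries on an existing name, which happens in the part of the function outside this hunk and should be confirmed there. I would record the assumption above the `buf_printf` call, e.g. `/* name is for uniqueness only, not secrecy; the create step below must refuse pre-existing files or symlinks */`.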